My root server hosts as separate VMs at least a website and an email server => both are magnets for all kinds of scans and intrusion attempts => I've got logscans + honeypots etc. set up (fail2ban then closes the source IP's connection for a while), which seem to be working.
I wonder if things could improve (e.g. preemptive FW-drop) by making fail2ban use "badIPs", and by making fail2ban feed back to badIPs the "bad IPs that I identify"? Any personal experience in this area here? How dynamic/reliable are "badIPs" lists?
I tried to use F2B and https://voipbl.org on a small 1 core + 1 GB RAM VM and it did not work out very well. I'm pretty sure iptables was crashing because there were so many IPs to block. Your mileage may vary. Probably needs something a little more powerful than what I had.
(as described e.g. here https://www.howtoforge.com/tutorial/protect-your-server-comp... )
(in both modes, download & upload)
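The scaling problem described in the reply above (one iptables rule per blocked address) is usually solved by loading the list into an ipset and letting a single iptables rule match the whole set. The script below is an added example, not code from the thread, from fail2ban or from any blocklist provider: it takes a plain-text feed (a constructed sample is embedded), keeps only well-formed IPv4 addresses, and emits input for `ipset restore`. The set name `badips` is an assumption.

```bash
#!/bin/sh
# Added example, not code from the thread or from fail2ban: load a plain-text
# blocklist into an ipset so the firewall holds ONE rule that matches the set,
# instead of one iptables rule per address (the per-IP approach is what falls
# over on a small VM once the list gets long).
set -eu

SET_NAME="badips"   # assumed set name; pick your own

# Constructed sample feed (not a real badIPs download): one address per line,
# with a comment, a blank line, an out-of-range entry and a duplicate.
SAMPLE_LIST='# constructed sample list
192.0.2.10
198.51.100.7

203.0.113.42   # trailing comment
999.1.1.1
192.0.2.10'

# Read a feed on stdin and print only well-formed, unique IPv4 addresses.
# Comments, junk and octets above 255 are dropped rather than handed to the
# firewall, so a malformed feed cannot break the load.
valid_ipv4() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
    | sort -u
}

# Turn the cleaned list into input for `ipset restore`: one create line, then
# one add line per address. Raise maxelem on the create line for feeds larger
# than the ipset default of 65536 entries.
to_ipset_restore() {
    printf 'create %s hash:ip family inet\n' "$SET_NAME"
    valid_ipv4 | while IFS= read -r ip; do
        printf 'add %s %s\n' "$SET_NAME" "$ip"
    done
}

# Nothing below touches the kernel; the output is meant to be piped, as root:
#   sh badips.sh | ipset restore -exist
#   iptables -I INPUT -m set --match-set badips src -j DROP
printf '%s\n' "$SAMPLE_LIST" | to_ipset_restore
```

Re-running the script with a fresh download refreshes the set in place (`-exist` makes repeated create/add lines harmless), and the DROP rule above stays the only firewall entry no matter how long the list grows. To have fail2ban's own bans land in the same set rather than in separate per-IP rules, point the jail's `banaction` at one of fail2ban's ipset-based actions (shipped as `iptables-ipset-proto6` in older releases and `iptables-ipset` in current ones) and set its set name to match; check the action file in your installed version for the exact parameter names. Pushing your identified IPs back to a third-party list is a separate step that depends on that service's API and is not covered here.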